[mosh-devel] thoughts on mosh

Keith Winstein keithw at MIT.EDU
Mon May 21 20:26:58 EDT 2012


This (and Jacob's note) raise a larger question: Is Mosh trying to disguise
the fact that a Mosh session exists between two hosts?

Currently our answer is a definite no, and ditto the other transport layer
security protocols.

SSH doesn't try to hide that an SSH connection is happening (the packets
are usually sent to port 22 after all, and an SSH banner is sent in
cleartext at the start of the connection). HTTPS doesn't. DTLS doesn't. And
SSP doesn't either.

Yes, the incrementing sequence number does indicate a Mosh session, but so
do other distinguishing characteristics like the port numbers and 3-second
heartbeats.

My worry is that if we start to do half-measures at network layer security,
people will get confused about what we're trying to protect. Either
somebody will "crack" our partial protocol hiding (and then we have to
explain that it's not a "real" crack -- good luck getting people to believe
that), or users will get a false sense of security.

My colleague Katrina has some scary/awesome results where she sniffs
packets outside a VPN and tells you with 90+% probability what protocols
are being used and what popular Web sites (!) the user is visiting.

On Wed, May 16, 2012 at 5:00 PM, Peter Jeremy <peter at rulingia.com> wrote:
> This incrementing nonce does provide a very simple way to detect a
> mosh session.  Even if you can't see the actual data, simple traffic
> analysis can reveal information that users might prefer not to reveal.
>
> A fairly simple way to hide this would be to encrypt the nonce (and
> possibly the rest of the mosh header) using ECB.  During setup (which
> is protected via SSH), the mosh server would return two keys - the
> existing key used for encrypting the actual mosh session and a second
> key used to encrypt the nonce.  Since the intent is just to whiten
> the UDP packets and nonces don't repeat, the downsides of ECB aren't
> important here.
>
> Of course, this still leaves the periodic keepalive packets but
> detecting a session this way takes more effort (and you could add some
> jitter to the keepalives to make it less obvious).
>
> --
> Peter Jeremy
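As an added illustration (not code from Mosh or from anyone in this thread), here is a Go sketch of what Peter proposes: the payload keeps its session key, and a second key encrypts the 8-byte nonce as one AES-ECB block so the on-wire header no longer exposes a counter. Zero-padding the nonce to a full 16-byte block and the `looksLikeCounter` heuristic are assumptions of this example, not Mosh's format.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
)

const nonceLen = 8 // Mosh's cleartext nonce: a direction bit plus a 63-bit counter
// wrapNonce models the thread's proposal: a second key (blk), handed over during
// the SSH-protected setup, encrypts the nonce as a single AES-ECB block. Zero
// padding to the 16-byte block is an assumption of this example, not Mosh's format.
func wrapNonce(blk cipher.Block, nonce uint64) []byte {
	var in, out [aes.BlockSize]byte
	binary.BigEndian.PutUint64(in[:nonceLen], nonce)
	blk.Encrypt(out[:], in[:]) // nonces never repeat, so no two input blocks collide
	return out[:]
}

// unwrapNonce inverts wrapNonce; intact zero padding is a cheap check that the
// header was produced under the same nonce key.
func unwrapNonce(blk cipher.Block, hdr []byte) (uint64, error) {
	if len(hdr) != aes.BlockSize {
		return 0, errors.New("bad header length")
	}
	var out [aes.BlockSize]byte
	blk.Decrypt(out[:], hdr)
	if !bytes.Equal(out[nonceLen:], make([]byte, aes.BlockSize-nonceLen)) {
		return 0, errors.New("padding mismatch: wrong nonce key or corrupted header")
	}
	return binary.BigEndian.Uint64(out[:nonceLen]), nil
}

// looksLikeCounter is the simple traffic-analysis signal the thread describes:
// do the first 8 bytes of successive datagrams step upward in small increments?
func looksLikeCounter(headers [][]byte) bool {
	if len(headers) < 2 {
		return false
	}
	prev := binary.BigEndian.Uint64(headers[0][:nonceLen])
	for _, h := range headers[1:] {
		cur := binary.BigEndian.Uint64(h[:nonceLen])
		if cur <= prev || cur-prev > 64 {
			return false
		}
		prev = cur
	}
	return true
}
```

Whitening the nonce only removes the counter signal; it does nothing about the port numbers or the 3-second heartbeats Keith points to, which is the reason half-measures here give a false sense of security.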